Privacy Policy - GDPR
Privacy Policy – GDPR
Introduction
SUSSEX DEFENCE SOLICITORS is committed to safeguarding the privacy of those whose personal data comes into our possession. In this policy, where we use the terms “we”, “us” or “our” we are talking about SUSSEX DEFENCE SOLICITORS.
Personal data is any information relating to a living individual (otherwise known as the Data Subject) who can be identified either from that data, or from that data and other information which is in the possession of, or is likely to come into the possession of, the Data Controller.
Special category personal data is data that reveals racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs, trade union membership, genetic and or biometric data, details of health, an individuals sex life or sexual orientation.
This policy explains:
- What personal data we collect;
- How we collect, store, use or share your personal data;
- Why we collect your personal data;
- Your rights in relation to your personal data; and
- Who and how to contact in the event of a concern or a complaint about the way your personal data has been collected, store, used or shared.
What personal data do we collect?
The lists below set out the personal data we will or may collect in the course of advising and /or acting for you.
Personal data we will collect:
- Your name, address, telephone numbers (including mobiles) and email address
- Date of birth
- Information to enable us to check and verify your identity, e.g. your passport details
- Electronic contact details, e.g. your email address and mobile phone number
- Information relating to the matter in which you are seeking our advice or representation
- Your financial details so far as relevant to your instructions.
Personal data we may collect
- Your National Insurance and tax details
- Your bank and/or building society details
- Details of your social media presence
- Details of your spouse/partner and dependents or other family members
- Your financial details, bank accounts, savings and pension details
- Your employment status and details including salary and benefits, as well as records
- Your nationality and immigration status and information from related documents
- Your racial or ethnic origin
- Your medical records
We will only collect personal data that is relevant to the service we are performing for you, or that is incidental to that service. This personal data may be required to enable us to provide our service to you. If you do not provide personal data we ask for, it may delay or prevent us from providing services to you.
How is your personal data collected?
We collect most of this information from you. However, we may also collect information:
- from publicly accessible sources, e.g. social media or Companies House;
- directly from a third party such as enforcement bodies and those with responsibilities for prosecuting criminal offences; from a third party with your consent, e.g. consultants and other professionals engaged in relation to your matter;
- your employer, trade union or professional body; doctors, medical and occupational health professionals; insurance companies.
- via our information technology (IT) systems, e.g.: case management and document management systems; and
- automated monitoring of our website and other technical systems, such as our computer networks and connections, access control systems, communications systems, email system.
How and why we will use your personal data
We can only use your personal data if we have a lawful and proper reason for doing so.
The lawful basis is that the processing is necessary in relation to a contract which the data subject has entered into with us (either directly or through an intermediary), or because the data subject has asked for something to be done so they can enter into a contract.
We may use personal data to:
- Provide legal services
- Apply for legal aid
- Conduct checks to identify our clients and verify their identity
- Comply with professional, legal and regulatory obligations that apply to our business, g. rules issued by our professional regulator
- Gather and provide information required by or relating to audits, enquiries or investigations by regulatory bodies
- Ensure business policies are adhered to, e.g. policies covering security and internet use
- Improve efficiency, train staff or assess quality control
- Ensure the confidentiality of commercially sensitive information
- Conduct statistical analysis to help us manage our practice, e.g. in relation to our financial performance, client base, work type or other efficiency measures
- Prevent unauthorised access and modifications to systems
- Update client records
- Ensure safe working practices, staff administration and assessments
- Undergo external audits and quality checks, e.g. for the SQM and the audit of our accounts
We will process data in those ways for the following reasons:
- to comply with our legal and regulatory obligations;
- for the performance of our service for you or to take steps at your request before providing our service;
- where you have given consent.
We will only process special category personal data with your explicit consent.
Who we share your personal data with
In providing services to you we will of course have to share your data with your instructed barrister(s). We may also have to contact other organisations about you, including solicitors, courts, experts such as medical consultants etc
We will also share your data with the Legal Aid Agency in order to apply for Legal Aid and any further information that they request throughout the proceedings.
We only allow our service providers (such as our IT Contractors) to handle your personal data if we are satisfied they take appropriate measures to protect your personal data. We also impose contractual obligations on service providers to ensure they can only use your personal data to provide services to us and to you.
We may disclose to our regulatory bodies to comply with our legal and regulatory obligations.
We will not share your personal data with any other third party without your specific consent.
Where your personal data is held
Information may be held at our offices, by service providers, representatives and agents as described above (see ‘Who we share your personal data with’). All our service providers are based inside the European Economic Area.
How long your personal data will be kept
We will keep your personal data after we have finished advising or acting for you. We will do so for one of these reasons:
- to respond to any questions, complaints or claims made by you or on your behalf;
- to show that we treated you fairly;
- to keep records required by law.
We will not retain your data for longer than necessary. Different retention periods apply for different types of data. In general we will retain electronic material for 6 years.
When it is no longer necessary to retain your personal data, we will delete it.
Transferring your personal data out of the EEA
To deliver services to you, it may on rare occasions be sometimes necessary for us to share your personal data outside the European Economic Area (EEA), eg:
- if you are based outside the EEA;
- where there is an international dimension to the matter in which we are advising you.
These transfers are subject to special rules under European and UK data protection law.
In the event that such transfer appears as if it might be necessary we will advise you on a case by case basis.
Your rights
You have the right to access your data free of charge, have it rectified (if there are mistakes in your personal data), to be forgotten (in certain situations), to restrict our processing of your data (e.g. if it is inaccurate), to request a copy of the data we hold, to object to your data being processed for marketing purposes or the continued use of your data for our legitimate interests and not to be subject to profiling.
The GDPR provides the following rights for individuals:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling.
For further information on each of those rights, including the circumstances in which they apply, please contact us or see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights under the General Data Protection Regulation.
If you would like to exercise any of those rights, please:
- contact Matthew Baines with a data subject request;
- provide sufficient information for us to identify you (e.g. your full name, address and client or matter reference number);
- let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill); and
- let us know what right you want to exercise and the information to which your request relates.
Keeping your personal data secure
We have appropriate security measures to prevent personal data from being accidentally lost, or used or accessed unlawfully. We limit access to your personal data to those who have a genuine business need to access it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality. We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
How to complain
We hope that we can resolve any query or concern you may raise about our use of your information.
The General Data Protection Regulation also gives you the right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns or telephone: 0303 123 1113.
Changes to this privacy policy
This privacy policy was published on 25 May 2018.
We may change this privacy policy from time to time, when we do we will inform you. If you have an ongoing matter with us, we will inform you of changes to the policy using contact details that you have provided, or care of your solicitor.
How to contact us
Please contact our Data Protection Officer Matthew Baines by post, email or telephone if you have any questions about this privacy policy or the information we hold about you.
We’re here to help
Get in touch to see how we can support you in your defence.